Adolf Belka [Thu, 8 Aug 2024 19:32:17 +0000 (21:32 +0200)]
libassuan: Update to version 3.0.1
- Update from version 2.5.5 to 3.0.1
- Update of rootfile
- Changelog
3.0.1
* Change Unix symbol versioning to help the Debian transitioning
process.
3.0.0
* API change: For new code, which uses libassuan with nPTH, please
use gpgrt_get_syscall_clamp and assuan_control, instead of the
system_hooks API. Use of ASSUAN_SYSTEM_NPTH is deprecated with new
API version 3. If it's really needed to keep using old
implementation of ASSUAN_SYSTEM_NPTH, you need to change your your
application code, to define
ASSUAN_REALLY_REQUIRE_V2_NPTH_SYSTEM_HOOKS before including
<assuan.h>. For an application which uses version 2 API
(NEED_LIBASSUAN_API=2 in its configure.ac), use of
ASSUAN_SYSTEM_NPTH is still supported. [T5914]
* New function assuan_control. [T6625]
* New function assuan_sock_accept. [T5925]
* New functions assuan_pipe_wait_server_termination and
assuan_pipe_kill_server to support abstraction of process. [T6487]
* Windows support for sendfd/recvfd. [T6236]
* Implement timeout in assuan_sock_connect_byname. [T3302]
* No support for WindowsCE, any more. [T6170]
* New socket flags "linger" and "reuseaddr". [rA87f92fe962]
* Interface changes relative to the 2.5.0 release:
assuan_sock_accept NEW.
assuan_pipe_wait_server_termination NEW.
assuan_pipe_kill_server NEW.
assuan_sock_set_flag EXTENDED.
assuan_sock_get_flag EXTENDED.
2.5.7
New configure option --with-libtool-modification. [T6619]
Change the naming of the 64 bit Windows DLL from libassuan6-0.dll to
libassuan-0.dll to sync this with what we did for libgpg-error.
2.5.6
* Fix logging of confidential data. [rA0fc31770fa]
* Fix memory wiping. [T5977]
* Fix macOS build problem. [T5440,T5610]
* Upgrade autoconf stuff.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 8 Aug 2024 19:32:16 +0000 (21:32 +0200)]
libarchive: Update to version 3.7.4
- Update from version 3.7.0 to 3.7.4
- Update of rootfile
- CVE fix in 3.7.4
- Changelog
3.7.4
Security fixes:
rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
zip: Fix out of boundary access (#2145)
Important bugfixes:
7zip: Limit amount of properties (#2131)
bsdtar: Fix error handling around strtol() usages (#2110)
passphrase: Improve newline handling on Windows (#2115)
passphrase: Never allow empty passwords (#2116)
rar: Fix "File CRC Error" when extracting specific rar4 archives (#2124)
xar: Avoid infinite link loop (#2123)
zip: Update AppleDouble support for directories (#2108)
zstd: Implement core detection (#2083, #2071)
3.7.3
New features:
PCRE2 support (#2031)
add trailing letter b to bsdtar(1) substitute pattern (#2012)
add support for long options "--group" and "--owner" to tar(1) (#2054)
Security fixes:
Fix possible vulnerability in tar error reporting introduced in f27c173 (#2101)
Important bugfixes:
ISO9660: preserve the natural order of links (#1974)
rar5: fix decoding unicode filenames on Windows (#1978)
rar5: fix infinite loop if during rar5 decompression the last block produced
no data (#2105)
xz filter: fix incorrect eof at the end of an lzip member (#2027)
zip: fix end-of-data marker processing when decompressing zip archives (#2042)
multiple bsdunzip(1) fixes (#2022, #2030)
filetime truncation fix on Windows (#2050)
3.7.2
Security fixes:
Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0)
Important bugfixes:
bsdunzip(1) now correctly handles arguments following an -x after the zipfile
New features:
bsdunzip(1) now supports the "--version" flag
7-zip reader now translates Windows permissions into UNIX permissions (#1943)
uudecode filter in raw mode now supports file name and file mode
zstd filter now supports the "long" write option (#1962)
3.7.1
Security fixes:
SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)
Feature updates:
bsdunzip updated to match latest upstream code (#1926)
Important bugfixes:
miscellaneous functional bugfixes (#1731, #1929, #1930)
build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933
and others)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 7 Aug 2024 08:22:56 +0000 (10:22 +0200)]
hostapd: Update to version 2_11
- Update from version 2_10 to 2_11
- Update of rootfile not required
- Update of patches to latest source tarball
- Changelog
2_11
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 21 May 2024 14:56:21 +0000 (16:56 +0200)]
openssl: Update to version 3.3.0
- Update from version 3.2.1 to 3.3.0
- Update of rootfile
- Changelog
3.3
This release adds the following new features:
* Support for qlog for tracing QUIC connections has been added
* Added APIs to allow configuring the negotiated idle timeout for QUIC
connections, and to allow determining the number of additional streams
that can currently be created for a QUIC connection.
* Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
objects
* Added APIs to allow querying the size and utilisation of a QUIC stream's
write buffer
* New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
condition in an optimised way when using QUIC.
* Limited support for polling of QUIC connection and stream objects in a
non-blocking manner.
* Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
times with different output sizes.
* Added exporter for CMake on Unix and Windows, alongside the pkg-config
exporter.
* The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
output length.
* The EVP_PKEY_fromdata function has been augmented to allow for the
derivation of CRT (Chinese Remainder Theorem) parameters when requested
* Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
using time_t which is Y2038 safe on 32 bit systems when 64 bit time
is enabled
* Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
ignored and the configuration will still be used.
* Added `-set_issuer` and `-set_subject` options to `openssl x509` to
override the Issuer and Subject when creating a certificate. The `-subj`
option now is an alias for `-set_subject`.
* Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
* New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
server to prefer session resumption using PSK-only key exchange over PSK
with DHE, if both are available.
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded.
* Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications.
This release incorporates the following potentially significant or incompatible
changes:
* Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
* Optimized AES-CTR for ARM Neoverse V1 and V2
* Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
similar to M1/M2.
* Various optimizations for cryptographic routines using RISC-V vector crypto
extensions
* Added assembly implementation for md5 on loongarch64
* Accept longer context for TLS 1.2 exporters
* The activate and soft_load configuration settings for providers in
openssl.cnf have been updated to require a value of [1|yes|true|on]
(in lower or UPPER case) to enable the setting. Conversely a value
of [0|no|false|off] will disable the setting.
* In `openssl speed`, changed the default hash function used with `hmac` from
`md5` to `sha256`.
* The `-verify` option to the `openssl crl` and `openssl req` will make the
program exit with 1 on failure.
* The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
related functions have been augmented to check for a minimum length of
the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
* OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
if called with a NULL stack argument.
* New limit on HTTP response headers is introduced to HTTP client. The
default limit is set to 256 header lines.
This release incorporates the following bug fixes and mitigations:
* The BIO_get_new_index() function can only be called 127 times before it
reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
exhausted.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/oetiker/rrdtool-1.x/releases/tag/v1.9.0
"RRDtool 1.9.0 — 2024-07-29
Bugfixes
Fix ytop and ybase adjustments for overlaping area issue on transparent areas @turban
Suppress warnings of implicit fall through @youpong
Update tarball download link in doc @c72578
Fix unsigned integer overflow in rrdtool first. Add test for rrd_first() @c72578
Fix tests under MSYS2 (Windows) @c72578
Fix BUILD_DATE in rrdtool help output @c72578
acinclude.m4: Include <stdlib.h> when using exit @ryandesign
rrdtool-release: Create NUMVERS from VERSION file @c72578
Avoids leaking of file descriptors in multi threaded programs by @ensc
Avoids potential unterminated string because of fixed PATH_MAX buffer
Fix extra reference of parameters of rrd_fetch_dbi_{long,double} @jamborm"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 26 Jul 2024 12:32:24 +0000 (14:32 +0200)]
bird: Update to version 2.15.1
- Update from version 2.14 to 2.15.1
- Update of rootfile not required
- Changelog
2.15.1
o OSPF: Fix regression in handling PtP links
o RPKI: Handle connection resets properly
o Static: Reject invalid combination of options
o Fix builds with limited set of protocols
2.15
o BGP: Send hold timer
o BGP: New options to specify required BGP capabilities
o BFD: Improvements to 'show bfd sessions' command
o RPKI: New 'local address' configuration option
o Linux: Support for more route attributes, including
TCP congestion control algorithm
o Support for UDP logging
o Static routes can have both nexthop and interface specified
o Completion of command options in BIRD client
o Many bugfixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Aug 2024 16:49:15 +0000 (16:49 +0000)]
vectorscan: Fix check for CPU support
According to the documentation, Vectorscan checks whether the CPU is
supporting the minimum requirement of SSE4.2. However the check is still
checking for SSSE3 which makes the library fail on systems without
SSE4.2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 21 Jul 2024 11:41:22 +0000 (13:41 +0200)]
nginx: Update to version 1.26.1
- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
that the legacy version 1.24.0 is also vulnerable to.
- Changelog
1.26.1
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
*) Bugfix: in HTTP/3.
1.26.0
*) 1.26.x stable branch.
1.25.5
*) Feature: virtual servers in the stream module.
*) Feature: the ngx_stream_pass_module.
*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.
*) Feature: cache line size detection for some architectures.
*) Feature: support for Homebrew on Apple Silicon.
*) Bugfix: Windows cross-compilation bugfixes and improvements.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
1.25.4
*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
1.25.3
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
*) Bugfixes and improvements in HTTP/3.
1.25.2
*) Feature: path MTU discovery when using HTTP/3.
*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.
*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.
*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.
*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
*) Bugfix: in HTTP/3.
1.25.1
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
1.25.0
*) Feature: experimental HTTP/3 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.62
"Changes with Apache 2.4.62
*) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
mod_rewrite in server/vhost context on Windows (cve.mitre.org)
SSRF in Apache HTTP Server on Windows with mod_rewrite in
server/vhost context, allows to potentially leak NTML hashes to
a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes
this issue.
Credits: Smi1e (DBAPPSecurity Ltd.)
*) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
A partial fix for CVE-2024-39884 in the core of Apache HTTP
Server 2.4.61 ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes
this issue.
*) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
with BalancerMember(s). PR 69168. [Yann Ylavic]
Adolf Belka [Tue, 16 Jul 2024 11:00:05 +0000 (13:00 +0200)]
mpd: Patch mpd to deal with format function being const in fmt-11.0.0 onwards
- Commit has been made in mpd but no release has yet been made with the change. When the
next version release of mpd occurs this patch can be removed.
- The patch changes all format calls to be const . Without this patch mpd will not build
with fmt-11.0.0 or newer.
- Update of rootfile not required.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 16 Jul 2024 11:00:04 +0000 (13:00 +0200)]
fmt: Update to version 11.0.1
- Update from version 10.2.1 to 11.0.1
- Update of rootfile
- fmt from version 11.0.0 onwards has made the format function a constant. This was done to
enforce that formatter::format is const for compatibility with std::format.
- Changelog
11.0.1
Fixed version number in the inline namespace (#4047).
Fixed disabling Unicode support via CMake (#4051).
Fixed deprecated visit_format_arg (#4043).
Fixed handling of a sign and improved the std::complex formater (#4034, #4050).
Removed a redundant check in the formatter for std::expected (#4040).
11.0.0
Added fmt/base.h which provides a subset of the API with minimal include
dependencies and enough functionality to replace all uses of the printf family
of functions. This brings the compile time of code using {fmt} much closer to
the equivalent printf code.
This gives almost 4x improvement in build speed compared to version 10. Note
that the benchmark is purely formatting code and includes. In real projects the
difference from printf will be smaller partly because common standard headers
will be included in almost any translation unit (TU) anyway. In particular, in
every case except printf above ~1s is spent in total on including <type_traits>
in all TUs.
Optimized includes in other headers such as fmt/format.h which is now roughly
equivalent to the old fmt/core.h in terms of build speed.
Migrated the documentation at https://fmt.dev/ from Sphinx to MkDocs.
Improved C++20 module support (#3990, #3991, #3993, #3994, #3997, #3998, #4004,
#4005, #4006, #4013, #4027, #4029). In particular, native CMake support for
modules is now used if available.
Added an option to replace standard includes with import std enabled via the
FMT_IMPORT_STD macro (#3921, #3928).
Exported fmt::range_format, fmt::range_format_kind and fmt::compiled_string from
the fmt module (#3970, #3999).
Improved integration with stdio in fmt::print, enabling direct writes into a C
stream buffer in common cases. This may give significant performance
improvements ranging from tens of percent to 2x and eliminates dynamic memory
allocations on the buffer level. It is currently enabled for built-in and
string types with wider availability coming up in future releases.
For example, it gives ~24% improvement on a simple benchmark compiled with
Apple clang version 15.0.0 (clang-1500.1.0.2.5) and run on macOS 14.2.1
Improved safety of fmt::format_to when writing to an array (#3805). For example
(godbolt):
auto volkswagen = char[4];
auto result = fmt::format_to(volkswagen, "elephant");
no longer results in a buffer overflow. Instead the output will be truncated
and you can get the end iterator and whether truncation occurred from the
result object.
Enabled Unicode support by default in MSVC, bringing it on par with other
compilers and making it unnecessary for users to enable it explicitly. Most of
{fmt} is encoding-agnostic but this prevents mojibake in places where encoding
matters such as path formatting and terminal output. You can control the
Unicode support via the CMake FMT_UNICODE option. Note that some {fmt} packages
such as the one in vcpkg have already been compiled with Unicode enabled.
Added a formatter for std::expected (#3834).
Added a formatter for std::complex (#1467, #3886, #3892, #3900).
Added a formatter for std::type_info (#3978).
Specialized formatter for std::basic_string types with custom traits and
allocators (#3938, #3943).
Added formatters for std::chrono::day, std::chrono::month, std::chrono::year and
std::chrono::year_month_day (#3758, #3772, #3906, #3913).
Fixed handling of precision in %S (#3794, #3814). Thanks @js324.
Added support for the - specifier (glibc strftime extension) to day of the month
(%d) and week of the year (%W, %U, %V) specifiers (#3976).
Fixed the scope of the - extension in chrono formatting so that it doesn't apply
to subsequent specifiers (#3811, #3812).
Improved handling of time_point::min() (#3282).
Added support for character range formatting (#3857, #3863).
Added string and debug_string range formatters (#3973, #4024).
Enabled ADL for begin and end in fmt::join (#3813, #3824).
Made contiguous iterator optimizations apply to std::basic_string iterators
(#3798).
Added support for ranges with mutable begin and end (#3752, #3800, #3955).
Added support for move-only iterators to fmt::join (#3802, #3946).
Moved range and iterator overloads of fmt::join to fmt/ranges.h, next to other
overloads.
Fixed handling of types with begin returning void such as Eigen matrices (#3839,
#3964).
Added an fmt::formattable concept (#3974).
Added support for __float128 (#3494).
Fixed rounding issues when formatting long double with fixed precision (#3539).
Made fmt::isnan not trigger floating-point exception for NaN values (#3948, #3951).
Removed dependency on <memory> for std::allocator_traits when possible (#3804).
Enabled compile-time checks in formatting functions that take text colors and
styles.
Deprecated wide stream overloads of fmt::print that take text styles.
Made format string compilation work with clang 12 and later despite only partial
non-type template parameter support (#4000, #4001).
Made fmt::iterator_buffer's move constructor noexcept (#3808).
Started enforcing that formatter::format is const for compatibility with
std::format (#3447).
Added fmt::basic_format_arg::visit and deprecated fmt::visit_format_arg.
Made fmt::basic_string_view not constructible from nullptr for consistency with
std::string_view in C++23 (#3846).
Fixed fmt::group_digits for negative integers (#3891, #3901).
Fixed handling of negative ids in fmt::basic_format_args::get (#3945).
Improved named argument validation (#3817).
Disabled copy construction/assignment for fmt::format_arg_store and fixed moved
construction (#3833).
Worked around a locale issue in RHEL/devtoolset (#3858, #3859).
Added RTTI detection for MSVC (#3821, #3963).
Migrated the documentation from Sphinx to MkDocs.
Improved documentation and README.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.nano-editor.org/news.php
"2024 July 12 - GNU nano 8.1 "de dag van de bitterkoekjespudding"
The idiom nano filename:linenumber is understood only when
the option --colonparsing (or 'set colonparsing') is used.
Modern bindings are not activated when nano's invocation name
starts with "e", as it jars with Debian's alternatives system.
New bindable function 'cycle' first centers the current row,
then moves it to the top of the viewport, then to the bottom.
It is bound by default to ^L.
Option --listsyntaxes/-z lists the names of available syntaxes."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Jul 2024 19:02:18 +0000 (21:02 +0200)]
gettext: Update to version 0.22.5
- Update from version 0.22.4 to 0.22.5
- Update of rootfile
- Changelog
0.22.5
* The replacements for the printf()/fprintf()/... functions that are
provided through <libintl.h> on native Windows and NetBSD now enable
GCC's format string analysis (-Wformat).
* Bug fixes:
- xgettext's processing of Vala files with printf method invocations has
been corrected (regression in 0.22).
- Build fixes on macOS.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Jul 2024 16:17:41 +0000 (18:17 +0200)]
coreutils: Update to version 9.5
- Update from version 9.0 to 9.5
- Update of the uname patch to 9.5
- Obtained the 9.5 version of the i18n patch. However this caused the coreutils build to
fail. Without the patch the build had no problems. After investigating for some time
I identified that coreutils used to have the mbchar.h and mbchar.c files in its
source tarball lib directory. However those are no longer needed by coreutils so they
have been deleted in the source tarball. However the i18n patch still requires them.
The patch creates the code for the mbchar.h and mbchar.c files. However it has made
the availability of the members buf & mb_setascii and some code related to old_mbc
dependent on GNULIB being defined. This is specified in configure.ac but that define
did not make it into the prepared configure file. This causes those members to not be
found and the build fails.
- Removing the three #if defined GNLIB_MBFILE statements from the coreutils-9.5-i18n
patch, so that the code is executed in the build, causes the members to be present
and the build is successfull.
- Update of rootfile
- Changelog
9.5
** Bug fixes
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
** Changes in behavior
base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink mode.
numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
** New features
chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other systems.
cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
--no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
tail now supports following multiple processes, with repeated --pid options.
** Improvements
cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 11 Jul 2024 19:53:27 +0000 (21:53 +0200)]
ncurses: Update to version 6.5
- Update from version 6.4 to 6.5
- Update of rootfile
- --with-pkg-config-libdir as the previous default has been changed to $(LIBDIR) and this
does not work and resulted in procps not building as it could not find ncurses.
- Likely other packages after procps would have also failed.
- Explicitly specifying the pkgconfig directory location worked.
- Changelog
6.5
The changelog details are in the NEWS file in the source tarball. Version 6.5
is covered by lines 49 to 530
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 11 Jul 2024 13:41:46 +0000 (15:41 +0200)]
tshark: Update to version 4.2.6
- Update from version 4.2.5 to 4.2.6
- Update of rootfile
- Changelog
4.2.6
Bug Fixes
A regression in the TCP Stream Graph "Time Sequence (tcptrace)"
receive window line behavior introduced in 4.2.5 and 4.0.15 has been
fixed. Issue 19846[3]
The following vulnerability has been fixed:
• wnpa-sec-2024-10[4] SPRT dissector crash. Issue 19559[5].
The following bugs have been fixed:
• RADIUS dissector’s dictionary loading broken in many ways. Issue
6466[6].
• 3.4 → 3.6.5 ASCII display is broken on CentOS 7. Issue 18096[7].
• Funnel/Lua: Closing child window disconnects buttons of parent.
Issue 18386[8].
• Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES.
Issue 19841[9].
• vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC.
Issue 19845[10].
• TCP Stream Graphs green sliding window line not displayed
correctly. Issue 19846[11].
• Wireshark window doesn’t fully fit on screen on small resolutions
and can’t be resized properly on Russian language. Issue
19861[12].
• Wireshark started from command line doesn’t set
gui.fileopen_remembered_dir correctly on Windows. Issue
19891[13].
• Wireshark expects wrong length for DHCP Relay Agent Information
Source Port Suboption. Issue 19909[14].
• SIP P-Access-Network-Info header not correctly decoded. Issue
19917[15].
Updated Protocol Support
DHCP, E.212, MySQL, NAS-5GS, PKT CCC, ProtoBuf, RADIUS, RLC-LTE, RTP,
SIP, SPRT, Thrift, and Wi-SUN
New and Updated Capture File Support
log3gpp
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / mfischer / ipfire-2.x.git / log
